Enroll Windows 10 into Defender ATP Using ConfigMgr

This post is part of an ongoing series about enabling Defender ATP on different devices. This post will focus on enabling Defender ATP on Windows 10 using ConfigMgr. It’s a fairly straightforward process that doesn’t take very long to accomplish.

To complete this blog, you will need an active Defender ATP subscription. You get that by having a Windows 10 Enterprise E5 or A5 license in your Azure AD. If you haven’t enabled Defender ATP in your tenant yet, it’s really easy. There is a guide available here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/production-deployment. If you’re not an administrator of this tenant, you will need an administrator of the tenant to download the package file for you.

You will also need at least ConfigMgr 1606 to perform these steps. I completed these steps on a ConfigMgr site running 1910.

There is no client, agent, or software to install for Defender ATP on Windows 10. Defender ATP utilizes the existing Windows Defender AV/anti-malware software. To enroll a Windows 10 computer into Defender ATP, you only need to deploy a profile from ConfigMgr.

Download the Package File

To enroll devices, download the package file from the Defender ATP portal. An administrator of your Defender ATP portal will need to perform these steps.

  1. Log into https://securitycenter.microsoft.com.
  2. Go to Settings > Machine management > Onboarding.
  3. Select Windows 10 from the drop-down box.
  1. In the Deployment method dropdown box, select System Center Configuration Manager (current branch) version 1606 and later.
  1. Click the Download package button.

Import the Onboarding File

Now that we have the onboarding package, we need to import it into ConfigMgr.

  1. Extract the onboarding package ZIP file.
  2. In the ConfigMgr console, navigate to Assets and Compliance > Endpoint Protection > Microsoft Defender ATP Policies.
  3. Click Create Microsoft Defender ATP Policy in the ribbon.
  4. Give the policy a name and click Next.
  5. Select the WindowsDefenderATP.onboarding file contained in the ZIP file. Your organization ID should auto-populate. Click Next.
  1. Select the options that best fit your organization on the next screen and click Next.
  1. Your policy will now be created.

Now that you have your Defender ATP policy, you can deploy it to a device collection just as you would any other deployment. You may want to deploy it first to a pilot collection, then to all of your systems. You should see computers begin to populate in Defender ATP within about 30 minutes of deploying policy.

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.